Sec2Code Overview

Presently, more than 80% of the attacks directed against organizations are carried out via the application layer; consequently, it is extremely important to secure that layer from its foundation by writing proper, secure code.

Developing an application in a secure manner requires clearly defined procedures and a well-constructed methodology. The basic elements of secure development govern each stage of the development, from its initiation, through the design, to the tests conducted prior to production.
BugSec's proprietary Sec2Code is a groundbreaking product that provides the professional support an organization's application development teams require to write secure code in all main development languages, such as PHP, .NET, ASP, Java, C++, C and more, thus enabling them to fully comply with the instructions and standards dictated by the main regulations, such as SOX (Sarbanes-Oxley), HIPAA, Basel II, instructions 357, 257, etc.

Extensive experience in performing penetration tests in large organizations, and the broad scope of support provided to their development teams as representatives of their Information Security Departments, have allowed BugSec's specialists to acquire the know-how and experience necessary to understand which elements are missing for a productive and effective dialog between the various departments. Handling the missing elements and implementing them in Sec2Code makes it possible to maintain direct contact between the Information Security, Development and Software QA Departments: the security status can be observed at each stage of writing the code; all of the system's users can communicate among themselves through comments, instructions and online repair of deficiencies; and interim and final reports can be printed that clearly detail the information security issues that have been dealt with and handled as required, as well as those that have not yet been properly addressed. Thus, the Project Managers can update themselves at any given moment on the classification of the existing irregularities and, more importantly, receive an indication of their precise location.

The use of Sec2Code serves additional purposes, such as enriching the organization's existing know-how with regard to information security throughout the organizational hierarchy, from the management level to the programmers writing the code. Sec2Code also ensures that organizations receive online product updates from BugSec as part of the service and support package. The technological updates concerning vulnerabilities and regulatory issues thus place BugSec's clients at the forefront of information security.